The report says the series of spyware attacks used a previously unknown feature of iPhones
Researchers at cybersecurity firm Kaspersky said they have discovered a mysterious hardware feature that was likely exploited by hackers during previously reported spyware attacks on iPhone users.
It is an update on the researchers’ investigation into a campaign they called Operation Triangulation. The researchers said that the hackers, active since 2019, were attacking targets by sending iMessages containing malicious attachments and exploiting four security flaws.
The Russian government blamed the campaign on the United States, claiming it had hacked “thousands of Apple phones” to spy on Russian diplomats. Apple has denied the allegations, and Kaspersky has not attributed the hacking operation to any government or known hacking group.
Kaspersky’s new findings relate to the patched vulnerability tracked as CVE-2023-38606. Apple fixed the flaw in July, saying the company was “aware of a report that this issue may have been actively exploited.”
The researchers essentially said that the hackers used the obscure hardware feature to bypass hardware-based security meant to protect the kernel — the core part of the operating system that, among other things, provides a bridge between software and hardware.
“If we try to describe this feature and how attackers took advantage of it, it all boils down to this: They are able to write data to a specific physical address while bypassing hardware-based memory protection by writing the data and the destination address and hashing the data into hardware registers unknown to the chip,” the researchers said, adding that the registers are not used by the firmware.
According to the researchers, the previously unknown hardware feature was likely intended for debugging or testing by Apple engineers or the factory, or was included in the final consumer version of the iPhone by mistake.
“Since this feature is not used by the firmware, we have no idea how attackers would know how to use it,” the report said.
In a comment to Recorded Future News, an Apple spokesperson did not provide further details about Kaspersky’s new findings, instead sending the release notes for the patch to CVE-2023-38606.
Compared to similar findings Kaspersky has made over the years, “this is certainly the most sophisticated series of attacks we have ever seen,” the researchers said. The company’s explanation of the attack chain includes 13 separate points.
According to Kaspersky, there are other unanswered questions about the vulnerability.
“We don’t know how the attackers learned to use this unknown hardware feature or what its original purpose was. We don’t know if it was developed by Apple or if it was a third-party component,” the researchers said.
One thing such operations make clear, Kaspersky said, is that “advanced hardware-based protections are useless against a sophisticated attacker as long as there are hardware features that can bypass these protections.”